Shea Levy
7d1ddae58e
nixos: evaluate assertions at toplevel, not at systemPackages
...
Fixes #2340
2014-04-22 14:09:02 -04:00
Eelco Dolstra
03d9e5cda0
sshd: Add support for socket activation
...
By enabling ‘services.openssh.startWhenNeeded’, sshd is started
on-demand by systemd using socket activation. This is particularly
useful if you have a zillion containers and don't want to have sshd
running permanently. Note that socket activation is not noticeably
slower, contrary to what the manpage for ‘sshd -i’ says, so we might
want to make this the default one day.
2014-04-22 17:38:54 +02:00
Eelco Dolstra
baffee02b8
sshd: Always start a session
...
Partially reverts 70a4c7b1df. Whether to
start a session is independent of whether we're running in a
container.
2014-04-22 17:38:53 +02:00
Eelco Dolstra
b4afe5b7bc
dbus: Use upstream units
2014-04-22 17:38:53 +02:00
Eelco Dolstra
fa3826dcf4
Ignore *.wants in systemd.packages for now
2014-04-22 17:38:53 +02:00
Eelco Dolstra
27a8cada79
openvpn: Add systemd startup notification
...
This causes OpenVPN services to reach the "active" state when the VPN
connection is up (i.e., after OpenVPN prints "Initialization Sequence
Completed"). This allows units to be ordered correctly after openvpn-*
units, and makes systemctl present a password prompt:
$ start openvpn-foo
Enter Private Key Password: *************
(I first tried to implement this by calling "systemd-notify --ready"
from the "up" script, but systemd-notify is not reliable.)
2014-04-22 13:14:58 +02:00
Shea Levy
2a4282c811
Revert "Merge branch 'dbus-switch-to-configuration'"
...
This seems to have combined badly with the systemd upgrade, we'll revert
for now and revisit after the 14.04 branch.
This reverts commit ad80532881, reversing
changes made to 1c5d3c7883.
2014-04-21 18:30:05 -04:00
Rickard Nilsson
cfa5b5778c
pulseaudio module: Use pid-file for system-wide daemon, add loglevel option
2014-04-21 23:22:11 +02:00
Rickard Nilsson
5db9287b7c
rtkit: Update from 0.10 to 0.11
2014-04-21 23:22:10 +02:00
Ricardo M. Correia
5d5ca7b260
grsecurity: Update all patches
...
stable: 3.0-3.2.57-201404131252 -> 3.0-3.2.57-201404182109
test: 3.0-3.13.10-201404141717 -> 3.0-3.14.1-201404201132
vserver: 3.0-3.2.57-vs2.3.2.16-201404131253 -> 3.0-3.2.57-vs2.3.2.16-201404182110
2014-04-21 18:46:41 +02:00
Eelco Dolstra
19e9d25e8f
Remove KDE 4.11
2014-04-21 18:13:17 +02:00
Oliver Charles
ad80532881
Merge branch 'dbus-switch-to-configuration'
2014-04-21 13:09:14 +01:00
Shea Levy
1c5d3c7883
Merge branch 'modulesfix' of git://github.com/kirelagin/nixpkgs
...
ohci_pci is required in initrd since kernel 3.11
2014-04-21 07:51:31 -04:00
Kirill Elagin
ca7978a09d
ohci_pci is required in initrd since kernel 3.11
2014-04-21 15:42:05 +04:00
Oliver Charles
42ae633445
Merge branch 'master' into dbus-switch-to-configuration
...
Conflicts:
nixos/modules/system/activation/switch-to-configuration.pl
2014-04-20 19:17:05 +01:00
Eelco Dolstra
cf53152902
Fix GRUB 2 example
...
Fixes #1891.
2014-04-20 19:41:15 +02:00
Eelco Dolstra
4e8c2f0ff9
Merge branch 'systemd-update'
2014-04-20 19:31:01 +02:00
Eelco Dolstra
2fbb9aba43
Fix the installer test
...
http://hydra.nixos.org/build/10419676
2014-04-20 01:56:11 +02:00
Eelco Dolstra
37d5e9c455
Temporary fix for installer tests
...
http://hydra.nixos.org/build/10455979
2014-04-20 01:53:11 +02:00
Eelco Dolstra
0a256cc0ee
Firewall: Only start if we have CAP_NET_ADMIN
2014-04-19 23:02:59 +02:00
Eelco Dolstra
4fb50f071f
Manual: Typo fixes
2014-04-19 22:59:25 +02:00
William A. Kennington III
3ccf990372
pcscd: Refactor service and use socket activation
2014-04-19 14:37:31 +01:00
Eelco Dolstra
18a7ce76fc
Enable udisks2 by default
...
The ability for unprivileged users to mount external media is useful
regardless of the desktop environment. Also, since udisks2 is
activated on-demand, it doesn't add any overhead if you're not using it.
2014-04-19 14:41:21 +02:00
Eelco Dolstra
fa9ed04997
Restart polkit if its configuration may have changed
2014-04-19 14:29:02 +02:00
Eelco Dolstra
82535e0f8f
switch-to-configuration: Check overrides.conf for X-* options
2014-04-19 14:28:33 +02:00
Eelco Dolstra
b03a2f9e90
Set personality when running a 32-bit container on a 64-bit host
2014-04-19 13:14:51 +02:00
Eelco Dolstra
9f1c9404da
Put /var/setuid-wrappers on a tmpfs
...
This allows all other filesystems to be mounted without the suid
option.
2014-04-19 12:40:09 +02:00
Eelco Dolstra
2a64b0a91b
Shut up warning about resolv.conf missing
2014-04-19 12:34:59 +02:00
Eelco Dolstra
fa1a46a01c
setuid-wrapper: Fix broken string comparison
2014-04-19 10:58:30 +02:00
Eelco Dolstra
b80e6b27c7
setuid-wrapper: Drop runtime dependency on setuid-wrapper.c
2014-04-19 10:53:17 +02:00
Eelco Dolstra
a8aa9f3fd4
setuid-wrapper.c: Remove tabs
2014-04-19 10:53:05 +02:00
Eelco Dolstra
e7ab051cda
Disable predictable interface names in tests
...
Apparently systemd is now smart enough to figure out predictable names
for QEMU network interfaces. But since our tests expect them to be
named eth0/eth1..., this is not desirable at the moment.
http://hydra.nixos.org/build/10418789
2014-04-19 10:13:46 +02:00
Mathijs Kwik
bf841cd892
Revert "systemd: oneshot units should be allowed to restart on failure/abort"
...
This reverts commit c1e638abb6.
As pointed out by wkennington, upstream disallows all cases as of v207
2014-04-18 21:42:22 +02:00
Eelco Dolstra
5ee5aa1b90
Make "nixos-container login" an alias of "machinectl login"
2014-04-18 20:47:31 +02:00
Eelco Dolstra
0121688424
gpm: Better start condition
2014-04-18 20:23:27 +02:00
Eelco Dolstra
febb15f722
systemd: Enable keeping backlight / rfkill state across reboots
2014-04-18 19:37:15 +02:00
Eelco Dolstra
232a9caa96
Fix predictable network interface naming
...
In current systemd, this has been moved to systemd-network, which
we're not using yet. So revive the old udev rules from systemd 203.
2014-04-18 19:34:45 +02:00
Michael Raskin
7231b6b94e
Merge pull request #2248 from ehmry/rsync
...
rsync updated 3.0.9 to 3.1.0, rsyncd service module
2014-04-18 10:17:08 -07:00
Eelco Dolstra
465d6ff572
Set $LOCALE_ARCHIVE in all systemd units
...
This variable used to be inherited implicitly from the stage-2 script,
but systemd now clears the environment. So we need to set it
explicitly.
2014-04-18 19:04:45 +02:00
Eelco Dolstra
313c38d5f1
switch-to-configuration: Handle systemctl output change
2014-04-18 19:04:45 +02:00
Eelco Dolstra
02b936189c
Improve gpm service
2014-04-18 18:45:20 +02:00
Eelco Dolstra
48d90cf3b6
Revert "Put /nix/var/nix/{temproots,userpool} on a tmpfs"
...
This reverts commit dd49094a25. Nix
barfs if /nix/var/nix/temproots is a symlink :-(
2014-04-18 18:37:07 +02:00
Eelco Dolstra
1e540af43b
Fix broken upstream user unit symlinks
2014-04-18 17:38:06 +02:00
Eelco Dolstra
85fdaed9de
ssh-agent: Tweaks
2014-04-18 17:37:47 +02:00
Eelco Dolstra
fec3bc85a6
postgresql: Use systemd's new "mixed" kill mode
...
"Mixed" mode sends the initial SIGINT only to the main process, but
sends the SIGKILL after the time-out expires to the entire cgroup.
2014-04-18 17:32:24 +02:00
Eelco Dolstra
16bba2db2e
Use "machinectl poweroff" to shut down containers
2014-04-18 17:11:59 +02:00
Eelco Dolstra
f9423208c2
Containers: Don't warn about not having a boot loader
2014-04-18 17:00:11 +02:00
Eelco Dolstra
dd49094a25
Put /nix/var/nix/{temproots,userpool} on a tmpfs
2014-04-18 16:56:20 +02:00
Eelco Dolstra
c13cede19d
Remove long-obsolete /nix/var/nix/chroots directory
2014-04-18 16:50:37 +02:00
Eelco Dolstra
21573af9fb
Containers: Use /etc/resolv.conf supplied by the host
...
This used to work with systemd-nspawn 203, because it bind-mounted
/etc/resolv.conf (so openresolv couldn't overwrite it). Now it's just
copied, so we need some special handling.
2014-04-18 16:48:11 +02:00